Commit Graph

20353 Commits

Author SHA1 Message Date
Guo Xiang Tan
8a64b0c8e8 Revert "DEV: Remove unused kwarg and properly check for local missing uploads."
This reverts commit 97769f3d02.

The code is confusing but this change is quite risky. Defer for now
until we can look at it properly.
2019-07-29 14:35:34 +08:00
Guo Xiang Tan
97769f3d02 DEV: Remove unused kwarg and properly check for local missing uploads. 2019-07-29 14:21:06 +08:00
Guo Xiang Tan
49d9557337 Revert commit that was pushed by mistake.
This reverts commit c7516c42e9.
2019-07-29 11:04:38 +08:00
Guo Xiang Tan
c7516c42e9 Revert "FIX: reverts #18e2816 (#7940)"
This reverts commit c7b146cbdf.
2019-07-29 09:18:53 +08:00
David Taylor
3324747afe UX: Improve account association when account description is missing 2019-07-27 16:37:21 +01:00
Rafael dos Santos Silva
1922d4bf78 PERF: Add more constraint on the Cache Storage usage
Only restricting cache per age wasn't enough for instances with lots of
multimedia usage and high number of posts.

MaxEntries is also more effective on cleanup, and purgeOnQuotaError
advertise that Discourse cache can be purged if necessary.

https://developers.google.com/web/tools/workbox/guides/storage-quota
2019-07-27 11:52:21 -03:00
Julien Ma
dcb0e5f1e5 Fix "Host is invalid" error when TLD >10 chars (#7948)
Related to https://meta.discourse.org/t/host-is-invalid-error-when-tld-is-longer-than-7-characters/46081.

Using Discourse `v2.4.0.beta2 +119`, I can't add an host (when embedding, cf. `/admin/customize/embedding`) ending with `.engineering`.
Turns out current regex limits to 10 characters.

Fix is dumb: it only allows for up to 24 chars, which is the **current** max TLD length, see https://stackoverflow.com/a/22038535/1907212.

---

Maybe a better (and longer-term) fix would be to allow for up to 64 chars, which I understand comes from the RFC.
I'm not at ease with regexes, so can't be sure about it, but [this suggestion](https://meta.discourse.org/t/host-is-invalid-error-when-tld-is-longer-than-7-characters/46081/8?u=julienma) seems pretty good:

> rules of DNS labels are:
>
> - All labels are 1 to 63 characters, case insensitive A to Z, 0 to 9 and - (hyphen), all from ASCII.
> - No labels may start with a hyphen.
> - No top level domain label may start with a number.
>
>That means a regexp for a valid domain name would look like:
>
>`/^([a-z0-9][a-z0-9-]{0,62}\.)+[a-z][a-z0-9-]{0,62}\.?$/`
>
>Domains that are just a TLD are sufficiently bizarre as to be worth ignoring.
2019-07-26 16:29:48 -04:00
Penar Musaraj
042f7184f1 DEV: Display FA 4.7 deprecation notice in all environments
FA 4.7 icon mapping will be removed soon.
2019-07-26 15:25:20 -04:00
Penar Musaraj
f408c583e8 DEV: Remove lightbox CSS rules 2019-07-26 10:57:22 -04:00
Osama Sayegh
525920a979
FIX: Better error when SSO fails due to blank secret (#7946)
* FIX: Better error when SSO fails due to blank secret

* Update spec/requests/session_controller_spec.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-26 17:37:23 +03:00
Joffrey JAFFEUX
fe7f0982af
DEV: attemps to limit Discourse.User.current() usage (#7943) 2019-07-26 11:20:11 +02:00
Arpit Jalan
0603636cea FIX: include default label when exporting reports 2019-07-26 12:57:13 +05:30
Kris
0f4fa98a82 Margin applied too broadly, caused extra space on like-count 2019-07-25 16:00:13 -04:00
Gerhard Schlager
fd12c414e7 DEV: Refactor helper methods for upload markdown
Follow-up to a61ff167
2019-07-25 16:36:35 +02:00
Vinoth Kannan
2ba4de2d45 REVERT: DEV: should ignore missing post uploads when a user export destroyed
Reverts 793915fe6a. We no longer need this since we're destroying each posts in commit 028121b95b.
2019-07-25 19:41:25 +05:30
Kyle Zhao
0e1d6151b9 FIX: Frozen string error in TopicEmbed.import (#7938)
When `SiteSetting.embed_truncate` is enabled (by default), the truncated
string is mutatable and does not raise an error.

However, when the setting is disabled, the `contents` string is frozen
and immutable, and will raise a `FrozenError`.
2019-07-25 09:21:01 -04:00
Gerhard Schlager
a61ff16740 DEV: Make attachment markdown reusable 2019-07-25 14:04:18 +02:00
David Taylor
4f1382a54a FIX: Hide live-loaded posts from ignored users 2019-07-25 12:01:29 +01:00
Joffrey JAFFEUX
0c7df55686
DEV: uses router.currentRouteName instead of application (#7942)
https://deprecations.emberjs.com/v3.x/#toc_application-controller-router-properties
2019-07-25 12:50:30 +02:00
Joffrey JAFFEUX
1dde6a5355
DEV: prevents post.siteSettings computed property to be overridden (#7941)
This happens when loading a post from a json object and is a behavior which will be impossble in future Ember updates.
2019-07-25 11:54:23 +02:00
Joffrey JAFFEUX
c7b146cbdf
FIX: reverts #18e2816 (#7940) 2019-07-25 11:14:23 +02:00
Osama Sayegh
997add3af9
DEV: Add extension point to allow modifying SSO URL (#7937)
This allows plugins to, for example, add extra query params to the SSO URL when discourse redirects to to the SSO website.
2019-07-25 00:18:27 +03:00
Joffrey JAFFEUX
c1d2fb115c
DEV: prevents staff computed property to be overridden (#7931) 2019-07-24 22:01:08 +02:00
Kris
2ab022494a UX: Add expanded/collapsed class to post-controls (#7932) 2019-07-24 10:08:59 -04:00
Joffrey JAFFEUX
1d38bf7e2c
DEV: removes deprecated property() usage from topic-footer-button api (#7930) 2019-07-24 13:55:18 +02:00
Joffrey JAFFEUX
e83dcfdb7b
DEV: ensures application.hbs is using router currentPath (#7929) 2019-07-24 13:33:59 +02:00
Joffrey JAFFEUX
e444ce7ccd
REFACTOR: this.$() deprecation (#7928) 2019-07-24 13:17:36 +02:00
David Taylor
0a6cae654b SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 10:28:15 +01:00
Joffrey JAFFEUX
02e27b5cff
UX: fixes onebox favicon vertical alignment (#7926) 2019-07-24 09:40:32 +02:00
Osama Sayegh
8b5f44a9a7
FIX: apply defaults constraints to routes format (take 2) (#7920)
Reapplies 7d01c5de1a
2019-07-23 20:17:44 +03:00
Saurabh Patel
9e0a3b8229 bug: keep query params present in auth_redirect (#7923)
https://meta.discourse.org/t/user-api-keys-payload-and-existing-query-string-leads-to-a-double-question-mark/123617
2019-07-23 12:16:03 -04:00
Kris
3fdc10337d follow up fix to 7d27b8b 2019-07-23 11:37:34 -04:00
Kris
7d27b8bb8c add class for extra post buttons 2019-07-23 11:32:04 -04:00
Joffrey JAFFEUX
e117b10ea8
FIX: improves tags checking when updating category of topic (#7921)
- will ensure this tag is not restricted to another category, and not only ensure this category can use it
- will clean tags param, in case client is sending an empty array, eg: [""], this could be solved client-side, but we ensure it won't happen ever this way
2019-07-23 17:06:25 +02:00
Joffrey JAFFEUX
8a9ce7336d
FIX: removes uncategorized context if not allowed in composer (#7922) 2019-07-23 17:05:49 +02:00
Saurabh Patel
4bc5ccf7e4 BUG: send featuredLink as featured_link to backend to update correct … (#7915)
* BUG: send featuredLink as featured_link to backend to update correct value
https://meta.discourse.org/t/editing-a-topic-link-does-not-change-its-featured-link/123007

* review fix
2019-07-23 09:49:04 -04:00
Gerhard Schlager
845fd42153 FIX: Update reply count when moving posts 2019-07-22 21:42:24 +02:00
Gerhard Schlager
271ddac467 FIX: Delete notifications users can't see after moving posts
No need to let notifications stay around when users can't access
a topic after it was converted into a PM or posts were moved
into a restricted topic.

Also makes sure that moving to a new topic correctly uses the
guardian for the first post by enqueuing jobs outside of a
transaction.
2019-07-22 19:02:21 +02:00
Gerhard Schlager
1235105c03 FIX: Old notifications didn't link to correct post after moving post 2019-07-22 17:38:45 +02:00
Osama Sayegh
5fc5a7f5ae FEATURE: Add search operator to see all direct messages from a user (#7913)
* FEATURE: Add search operator to see all direct messages from a user

* Only show message if related messages >= 5

* Make "all messages" the hyperlink

* Review
2019-07-22 10:55:49 -04:00
Saurabh Patel
08b48b2ba6 add user avatar to user crawler layout (#7917) 2019-07-22 10:52:35 -04:00
Kris
f1dd7d05e4 Update fa to d-icon for buttons, add icon space 2019-07-22 10:31:21 -04:00
Kris
8ee48d8933 UX: Improve layout of long tag headings on mobile 2019-07-22 10:08:03 -04:00
Osama Sayegh
f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Joffrey JAFFEUX
67650328b4
FIX: allows to specify camelCased attributes in wrap component (#7919) 2019-07-22 09:24:27 +02:00
Gerhard Schlager
651a5b6e40 SECURITY: Validate backup chunk identifier 2019-07-22 08:43:16 +02:00
Roman Rizzi
eb26bee046
DEV: group_list site settings should store IDs instead of group names (#7860)
* DEV: group_list site settings should store IDs instead of group names

* Ship site setting to know when we should migrate group_list settings

* Migrate existing group_list site settings

* Bump migration timestamp and don't set null when migrating is not possible.
2019-07-19 15:17:58 -03:00
Robin Ward
e47e0af123
FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910)
If a post arrives via email but must be reviewed, we now show an
icon that can be clicked to view the raw contents of the email.

This is useful if Discourse's email parser is acting odd and the user
reviewing the post wants to know what the original contents were before
approving/rejecting the post.
2019-07-19 11:56:14 -04:00
Robin Ward
8dd3cbfcb9
FEATURE: Allow choice of category when making a PM public (#7907)
* FEATURE: Allow choice of category when making a PM public

Previously it would default to uncategorized, which was not ideal on
some forums. This gives the staff member more choice about what they'd
like to do.

* Make the optional category more explicit

* Joffrey's feedback
2019-07-19 11:52:50 -04:00
Kris
9075789783 IE11 fix for b73bd7f 2019-07-19 11:46:20 -04:00
Bianca Nenciu
9ba2c7cd8b
FIX: Set a minimum reading time per post. (#7842)
Topics containing only images could generate a reading time of zero minutes.
2019-07-19 18:15:38 +03:00
Kris
5a3a6824c4 UX: Refactor avatar upload modal for better mobile spacing 2019-07-19 10:39:38 -04:00
Arpit Jalan
1f1b3e99d1 UX: update invite 'not found' message 2019-07-19 16:39:44 +05:30
Arpit Jalan
2f6ce29736 FIX: do not request refresh on 'log out all' request 2019-07-19 16:24:58 +05:30
Dan Ungureanu
30c491500a
FEATURE: Permit users who had no penalties in last 6 months to be TL3. (#7892)
Previously, users who had any penalties (were silenced or suspended)
were not allowed to promote to Trust Level 3.

There is also a more subtle change here: if users were silenced or
suspended and then the operation was reverted (user was un-silenced
or un-suspended), then it would have been like the user was never
penalized in the first place. This is no longer the case. To forgive a
user earlier, administrators can use "Clear Penalty History" feature.

Lastly, Jobs::UnsilenceUsers will automatically unsilence any users who
should no longer be silenced (silenced_till < now()). This made it so
silence_count - unsilence_count == 0 for any user who is not silenced,
which defeated the purpose of this TL3 requirement.
2019-07-19 12:46:10 +03:00
Bianca Nenciu
9f500a4ff4
FIX: Show same username or name for post notices. (#7862) 2019-07-19 11:05:48 +03:00
Arpit Jalan
eb9155f3fe
FEATURE: send max 200 emails every minute for bulk invites (#7875)
DEV: deprecate `invite.via_email` in favor of `invite.emailed_status`

This commit adds a new column `emailed_status` in `invites` table for
 tracking email sending status.
 0 - not required
 1 - pending
 2 - bulk pending
 3 - sending
 4 - sent

For normal email invites, invite record is created with emailed_status
 set to 'pending'.

When bulk invites are sent invite record is created with emailed_status
 set to 'bulk pending'.

For invites that generates link, invite record is created with
 emailed_status set to 'not required'.

When invite email is in queue emailed_status is updated to 'sending'

Once the email is sent via `InviteEmail` job the invite emailed_status
 is updated to 'sent'.
2019-07-19 11:29:12 +05:30
Blake Erickson
d26aa6e71e REFACTOR: Cleanup rake tasks based on feedback
Follow up to: [FEATURE: Create a rake task for destroying categories][1]

- `Discourse.system_user` is my friend
- Remove puts statements from rake tasks that don't return anything
- `for_each` is also my friend
- Use `human_users` to also exclude discobot
- Sort/format categories:list

[1]: 092eeb5ca3
2019-07-18 19:15:01 -06:00
Gerhard Schlager
2ecc613c5d FIX: URL encode usernames in user profile links in RSS feeds
user_url() failed for usernames containing Unicode characters because it expects URL encoded usernames. RSS feeds do not support IRIs, so lets convert them to URIs by encoding the usernames.
2019-07-18 23:18:23 +02:00
Joffrey JAFFEUX
533f5172d7
fix tests (#7912) 2019-07-18 23:15:36 +02:00
Joffrey JAFFEUX
8dfd0e0374 DEV: uses private API for currentPath (#7911)
* DEV: uses with private API for currentPath

router.currentRouteName as a slightly different API and application.currentPath is deprecated

* another fix
2019-07-18 17:00:39 -04:00
Kris
e8a14a3a65 Updating breakpoint mixin value name 2019-07-18 16:33:12 -04:00
Vinoth Kannan
ad04ce9f43 FIX: remove post upload record creation inside 'find_missing_uploads' method. 2019-07-19 01:44:08 +05:30
Joffrey JAFFEUX
9cdc059a99
fix tests (#7908) 2019-07-18 19:48:12 +02:00
Joffrey JAFFEUX
f9c7d5a4bd DEV: removes application.currentPath deprecation (#7905)
See https://deprecations.emberjs.com/v3.x#toc_application-controller-router-properties for more context
2019-07-18 13:29:37 -04:00
Joffrey JAFFEUX
617c74bc79 DEV: remove .property() deprecations (#7906)
More context at https://deprecations.emberjs.com/v3.x#toc_function-prototype-extensions-property
2019-07-18 13:28:23 -04:00
Robin Ward
5e50a24d3a
Fix typo
It's jump-to not jumpt-to
2019-07-18 12:44:35 -04:00
Joffrey JAFFEUX
cb84133855
FIX: bugs preventing to close delete account modal with button (#7904) 2019-07-18 18:16:29 +02:00
Kris
0f1a0b45de UX: Fix profile image upload control spacing on mobile 2019-07-18 11:36:24 -04:00
Joffrey JAFFEUX
95ad4f9077
FEATURE: new date/time components (#7898) 2019-07-18 17:29:41 +02:00
Neil Lalonde
194a2b612f FIX: string that can't be translated in watched words UI 2019-07-18 11:07:02 -04:00
Kris
d841bff9f8 remove whitespace from twitter onebox 2019-07-18 09:45:09 -04:00
Roman Rizzi
f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Joe
c1b58613a2
UX: adds <a> tag with href category box titles (#7901)
This Ensures that category titles in category-boxes can be opened in a new tab.
2019-07-18 19:25:39 +08:00
Gerhard Schlager
7e69c5cc36 Revert "FEATURE: Use configured quotation marks in fancy topic title"
This reverts most of commit ce8e099639.

The rake task to update fancy topic titles is still there, because that's useful even without this feature.
2019-07-18 11:55:49 +02:00
Blake Erickson
092eeb5ca3 FEATURE: Create a rake task for destroying categories
Created a rake task for destroying multiple categories along with any
subcategories and topics the belong to those categories.

Also created a rake task for listing all of your categories.

Refactored existing destroy rake tasks to use new logging method, that
allows for puts output in the console but prevents it from showing in
the specs.
2019-07-17 12:44:14 -06:00
Vinoth Kannan
4f0004a0c2 Fix typo in dc6b13e4d2. 2019-07-17 15:54:42 +05:30
Arpit Jalan
d4d81515d2 Fix the build. 2019-07-17 12:03:45 +05:30
Arpit Jalan
e4d743910d FIX: respect logout_redirect setting on 'Log out all' 2019-07-17 11:58:04 +05:30
Vinoth Kannan
dc6b13e4d2 FIX: when 'raw' started with non-image upload url it's not converted to short-url.
dd0f0494c6
2019-07-17 11:13:50 +05:30
Vinoth Kannan
dd0f0494c6 FIX: convert hotlinked non-image urls to short url.
3840ace978
2019-07-17 09:15:09 +05:30
Rafael dos Santos Silva
2a0cd066a7 FIX: Remove all service workers from Apple devices *again*
There is a bug that when Safari starts up, and reloads the tabs from
the previous session **and** there is a service worker registered for
the scope of the document, all cookies marked as `SameSite=Lax` won't be
sent in the request.

This puts Discourse in a **very** broken state, where:

- You appear as a anon user
- Subsequent xhr requests will come with logged in data
- Refreshing doesn't log you in (cookies are still not sent)
- Clicking on the address bar and hitting enter, will log you in (as it
will finally send those damn `SameSite=Lax` cookies.

Looks a lot like a corner case missed by the fix at
https://trac.webkit.org/changeset/241918/webkit
2019-07-16 19:30:38 -03:00
Penar Musaraj
a571efba35
FIX: Rename deprecated icons, allow custom icons in badges
- adds a migration renaming FA4 icon names in badges
- allows all icons to be used in badges (previously was limited to icons prefixed with fa-)
- renames remaining FA 4.7 icons equivalents
2019-07-16 11:13:44 -04:00
David Taylor
ed5b31f427 FIX: Recompile extra_js theme assets when COMPILER_VERSION changes (#7897) 2019-07-16 16:34:33 +02:00
Osama Sayegh
eff1c19e3b FIX: Fallback to gzip compression if brotli isn't supported (#7895) 2019-07-16 11:05:37 -03:00
Vinoth Kannan
3840ace978 FIX: skip markdown conversion for hotlinked non image urls 2019-07-16 18:05:17 +05:30
Joffrey JAFFEUX
b3eb67976d
DEV: Upgrades to Ember 3.10 (#7871)
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-07-16 12:45:15 +02:00
David Taylor
e2fa5704e9 UX: Remove duplicate copy in two-factor preferences 2019-07-16 10:57:11 +01:00
Régis Hanol
7ecbf3865b UX: use SCSS color variables 2019-07-16 11:53:34 +02:00
Michael Brown
e8ee392186 Revert "FIX: apply defaults constraints to routes format (#7890)"
This reverts commit 7d01c5de1a.

Trivial get on / was failing with a 404 with this change.
2019-07-15 17:31:24 -04:00
romanrizzi
12e71f1fb2 UX: Swap ignore and mute sections to move the 'Save changes' button to the bottom 2019-07-15 17:30:01 -03:00
OsamaSayegh
8a525cafec UX: Use height relative to the viewport for robots.txt textarea 2019-07-15 19:35:50 +00:00
Rafael dos Santos Silva
b505d1d700 DEV: Force workboxjs debug to false on dev env too 2019-07-15 16:07:49 -03:00
Osama Sayegh
7d01c5de1a
FIX: apply defaults constraints to routes format (#7890)
This fixes the problem where if a route ends with a dynamic segment and the segment contains a period e.g. `my.name`, `name` is interpreted as the format. This applies a default format constraints `/(json|html)/` on all routes. If you'd like a route to have a different format constraints, you can do something like this:

```ruby
get "your-route" => "your_controlller#method", constraints: { format: /(rss|xml)/ }

#or
get "your-route" => "your_controlller#method", constraints: { format: :xml }
```
2019-07-15 21:55:11 +03:00
Osama Sayegh
6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Penar Musaraj
90e0f1b378 UX: rearrange controls in edit modals
Allows users to see the controls even after scrolling contents of edit modal.
2019-07-15 13:44:44 -04:00
Rafael dos Santos Silva
1221d34284
FEATURE: Make Discourse work offline with WorkboxJS (#7870) 2019-07-15 13:05:55 -03:00
Vinoth Kannan
839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Bianca Nenciu
8e133de831
FIX: Ensure suppressed categories do not produce any featured topics. (#7863) 2019-07-15 17:32:03 +03:00
Joffrey JAFFEUX
ff66e62e0c
UX: ensures popup-tip shows over dropdowns (#7891) 2019-07-15 08:55:20 +02:00
Guo Xiang Tan
4b0cf7f6dd SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:55:50 +08:00
Guo Xiang Tan
a4234e9be0 DEV: Minor tweaks to Admin::WatchedWordsController. 2019-07-15 10:22:46 +08:00
Gerhard Schlager
ce8e099639 FEATURE: Use configured quotation marks in fancy topic title 2019-07-12 21:10:10 +02:00
Gerhard Schlager
8f89254554 FIX: Recalculate settings when dependent settings change 2019-07-12 21:10:10 +02:00
Gerhard Schlager
7311eeed39 FIX: Use default locale for flag reasons 2019-07-12 12:04:23 +02:00
Bianca Nenciu
c4d1833588 FIX: Do not show bootbox if post has no replies. (#7866)
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.

If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.

That commit ensure we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
Gerhard Schlager
4a095b286b Follow-up for 9a11a8b3 to fix qunit tests 2019-07-11 23:56:22 +02:00
Gerhard Schlager
9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
Robin Ward
1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Joe
fd4557a9ef UX: Mobile editor style fixes (#7878) 2019-07-11 09:57:53 -04:00
Arpit Jalan
e0562a8172 UX: update placeholder for Tags Groups 2019-07-11 12:34:11 +05:30
Kris
aa7181820c UX: Add title attribute and aria-label to PM icon link 2019-07-10 23:05:57 -04:00
Kris
bdaf07adcf Hide empty anchor tag from screen readers 2019-07-10 22:39:25 -04:00
Kris
1983f0d06e Don't load PM icon in title unless topic is a PM 2019-07-10 22:38:32 -04:00
Kris
b848bd4ddc True should be a string to display properly in aria-haspopup 2019-07-10 22:02:21 -04:00
Joffrey JAFFEUX
bd35a8f334
FIX: ensures spinner is showing on tags/show when loading more (#7876)
Context: https://meta.discourse.org/t/issue-while-scrolling-down-after-selecting-a-tag-on-the-home-page/122542
2019-07-10 21:37:31 +02:00
Joffrey JAFFEUX
142344e45d
FIX: ensures routing with hash doesn't stuck history (#7872)
* FIX: ensures routin with hash doesnt stuck history

Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4

Basically when the path has a hash, state would be null, and nothing would happen.

* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-10 20:43:03 +02:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Dan Ungureanu
90fcdad3cd UX: Discard selected post if it is not in viewport. (#7869)
This way, users can combine keyboard shortcuts with mouse scrolling.
2019-07-10 10:22:09 -04:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Robin Ward
629bb8adf2 SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 15:49:24 -04:00
Neil Lalonde
6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Gerhard Schlager
a65a9a85d5 FEATURE: Remap uploads during restore when S3 or CDN changes
In order for this to work the Backuper stores a couple of site settings
in the new backup_metadata table, because the old setting values might
not be available on restore anymore.
2019-07-09 14:04:16 +02:00
Dan Ungureanu
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Penar Musaraj
f4dc6de9f1 FIX: Clear theme editor content on switching tabs
Issue happens when sending a null value to ACE Editor.
Fixed by sending an empty string to ACE instead of null.
2019-07-08 20:06:56 -04:00
Arpit Jalan
324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Penar Musaraj
7b0517895e FEATURE: Add "Group owners" to posting options for groups
Context: https://meta.discourse.org/t/121589

This new setting option lets group owners message/mention large groups
without granting that privilege to all members.
2019-07-08 17:14:11 -04:00
Penar Musaraj
b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
Arpit Jalan
bb8cf81089 Bump onebox version.
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
Joe
e49b5fa30c
UX: expand-post button alignment fix (#7865) 2019-07-08 14:36:15 +08:00
Arpit Jalan
2cd4e95d82 FIX: show category name in title for crawler view
Show category name in title for crawler view despite presence of `short_site_description`.

Bug reported here: https://meta.discourse.org/t/short-site-description-break-category-title-for-crawler-or-its-the-expected-behavior/122109/
2019-07-08 11:42:39 +05:30
Robin Ward
3132a9007b FIX: Use correct timezone for manual SQL 2019-07-06 15:14:07 -04:00
Robin Ward
a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Kris
a9982b5aa2 UX: Make default site logo height an even 40px 2019-07-05 23:46:43 -04:00
Robin Ward
de6edf9e4e FIX: Back button would go to previous topic instead of list
See related topic:
https://meta.discourse.org/t/back-button-history-not-properly-working/122183

The issue here is the transition was not completing properly which meant
if you backed out of a topic quickly and entered a new one, hitting back
in the second topic would sometimes take you to the previous one instead
of back to the topic list.
2019-07-05 15:53:14 -04:00
Robin Ward
66214eee85 SECURITY: Strip HTML from invite emails
We also strip new lines from the emails because it ruins the markdown
formatting which expects a one line message.
2019-07-05 14:57:11 -04:00
Régis Hanol
155cad8b85 FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
Kris
589351d996 UX: Give badge icons width to accommodate for dimensionless SVGs 2019-07-05 12:37:18 -04:00
Penar Musaraj
7c130990e9 FIX: IE grid layout issue on user's own activity page 2019-07-05 12:05:58 -04:00
Arpit Jalan
5494e17c71 UX: improve twitter status onebox with line breaks 2019-07-05 20:37:08 +05:30
Arpit Jalan
5bc1fd23b0 Bump onebox version.
- update HTML for twitter quoted onebox
- updated CSS for twitter quoted onebox
2019-07-05 19:35:36 +05:30
Arpit Jalan
bd084b2147 FIX: do not show invite button if local logins are disabled 2019-07-05 15:16:20 +05:30
Joffrey JAFFEUX
f140c4d499
FIX: ensures routing to / with query string works (#7859) 2019-07-05 09:40:19 +02:00
Vinoth Kannan
1bb258ab49 DEV: use upload short-url in html to markdown conversion if 'base62-sha1' data attr available. 2019-07-05 10:06:41 +05:30
Ralph Rooding
1318e0b288 FEATURE: Rake themes installer (#7848)
* Delete remote_theme when deleting the theme

* Install themes and theme components through rake

* Removed unnecessary test
2019-07-04 14:33:05 -04:00
Robin Ward
72bac61c90 FIX: Upsert a custom field if a unique constraint fails 2019-07-04 13:26:25 -04:00
Penar Musaraj
c78634284c UI: when in a different topic context, allow dismissing draft without destroying it
This changes the label and behaviour of the "No, keep" button in the confirmation modal when user cancels a draft while on a different topic. The new button label is "No, save draft", and when clicked, the composer will be dismissed without destroying the draft.
2019-07-04 11:45:57 -04:00
Penar Musaraj
03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
Mario Santos
c5625b70f1 FIX: Prevent emoji-picker from not showing (#7856)
If an external plugin inserts an element with class "emoji-picker", something probable if they extend EmojiPicker, it could cause troubles as css is added depending on the emoji-picker height. Just by adding a class of a parent <div> as could be d-editor, we prevent this from happening.
2019-07-04 11:46:21 +02:00
Gerhard Schlager
a5e80079d6 FEATURE: Add Belarusian language 2019-07-04 11:37:37 +02:00
David Taylor
2063d20e9a Revert "DEV: Let OmniAuth strategies return auth result. (#7833)"
This reverts commit dc5eb76551.

It is better to keep any custom redirect logic within omniauth, without relying on the app
2019-07-04 10:06:18 +01:00
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
David Taylor
5fdf228db6
FIX: Respect the full_screen_login parameter from plugin auth providers (#7855)
This behavior was regressed in 427979e7e5
2019-07-04 09:06:29 +01:00
Arpit Jalan
1708be4f27
FEATURE: support query params when redirecting to internal link on login (#7829) 2019-07-04 11:11:43 +05:30
David Taylor
0f813fc7c7 DEV: Remove reference to non-existent letter_proxy route
This was introduced in f04471e422, but never actually used
2019-07-03 23:48:32 +01:00
Bianca Nenciu
459932f4e2 FIX: Use title attribute for notification items. (#7840) 2019-07-03 10:48:13 -04:00
Julian Calvento
f3c9dbcf20 UX: Add styling for quoted tweets (#7832) 2019-07-03 10:34:46 -04:00
romanrizzi
9ca1bbe900 Revert "FIX: remove misplaced save button"
This reverts commit 4f468ef210.
2019-07-03 10:56:08 -03:00
Joffrey JAFFEUX
f9f1df7611
DEV: prevents reports key to be time dependant when testing (#7850) 2019-07-03 15:43:01 +02:00
romanrizzi
4f468ef210 FIX: remove misplaced save button 2019-07-03 10:39:01 -03:00
Bianca Nenciu
bfdf740a05 FIX: Show 'Export' button for all tabular reports. (#7838) 2019-07-03 14:47:36 +02:00
OsamaSayegh
426c8045de FIX: logs for enabling/disabling components should show up in the staff actions logs 2019-07-03 12:33:25 +00:00
Osama Sayegh
3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Joffrey JAFFEUX
ecf0215ee7
DEV: resets page tracking state between tests (#7847) 2019-07-03 10:08:05 +02:00
Joffrey JAFFEUX
9ee2c121c1
FIX: ensures emoji helper is working with custom emojis (#7843) 2019-07-03 09:23:40 +02:00
Joffrey JAFFEUX
0733ed3a2b
FIX: ensures /t/TOPIC_ID/POST_NUMBER is correctly routing (#7841) 2019-07-03 09:23:23 +02:00
Penar Musaraj
6e3e0685fb DEV: add useBlockMode option for toolbar button text selection
Allows buttons to switch selection to block mode if needed.
2019-07-02 18:02:40 -04:00
Rafael dos Santos Silva
c422520b4a FEATURE: Add CSS classes to associated accounts rows 2019-07-02 16:56:15 -03:00
Joffrey JAFFEUX
72441e2c7c
FIX: page starts at 1 (#7844) 2019-07-02 17:26:23 +02:00
romanrizzi
8404921b91 FIX: Remove misplaced outlet 2019-07-02 11:26:40 -03:00
Arpit Jalan
ccb3ba509d
FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:12:53 +05:30
Joffrey JAFFEUX
1b45096aa5
UX: improves styling of similar topics results in composer (#7839) 2019-07-02 11:26:43 +02:00
Penar Musaraj
fca2f0f212 FIX: Only show remove timer button to users with permission to do so 2019-07-01 22:17:02 -04:00
Osama Sayegh
f1c67729de Different fix (#7815) 2019-07-02 11:53:16 +10:00
Sam Saffron
4dcc5f16f1 FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD) which default to 1 second was
added.

This protection ensures that when the application is unable to keep up with
requests it will simply turn off search till it is not backed up.

To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
Dan Ungureanu
dc5eb76551 DEV: Let OmniAuth strategies return auth result. (#7833) 2019-07-01 13:13:11 -03:00
Arpit Jalan
f56d86a852 FIX: use normal title instead of fancy title for prefilled composer 2019-07-01 17:55:24 +05:30
Joffrey JAFFEUX
7b52a110b8
DEV: removes DOMTokenList polyfill (#7831)
Creates more issues than it solves especially on IOS, I dont trust it anymore. Will reconsider if this is an issue in the future.
2019-07-01 14:08:38 +02:00
Gerhard Schlager
d513c28e3b FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
Arpit Jalan
997250586c FEATURE: prefill title for direct messages from topic
https://meta.discourse.org/t/default-re-title-title-for-direct-messages-from-topic/121413
2019-07-01 17:14:08 +05:30
Joffrey JAFFEUX
af58049eeb
UX: puts tags and categories on same line in search-menu-results (#7830) 2019-07-01 13:11:43 +02:00
Joffrey JAFFEUX
384f5cea05
FIX: ensures static pages are using absolute path (#7828) 2019-07-01 11:25:45 +02:00
Joffrey JAFFEUX
11ae5c78db
FEATURE: adds infite scroll on admin users list page (#7821) 2019-07-01 11:00:06 +02:00
Bianca Nenciu
4f97f85178 DEV: Fix lint. (#7824) 2019-06-28 20:24:09 +02:00
Kris
aa9b9e1930 UX: improved mobile positioning of topic timer remove button 2019-06-28 14:09:42 -04:00
Joffrey JAFFEUX
5bab4f8007
UX: gives each info its own line in search-menu-results (#7825) 2019-06-28 11:14:38 +02:00
Joffrey JAFFEUX
61438c825a
fix prettier (#7823) 2019-06-28 09:36:38 +02:00
Bianca Nenciu
b2eb0f4ad6 FEATURE: Export any type of report supporting table mode. (#7662) 2019-06-28 08:50:31 +02:00
Kris
82f2af8a0d UX: Move link to show tracked topics, simplify translation 2019-06-27 21:36:24 -04:00
Penar Musaraj
27387b0859 Do not collapse quote notifications
This prevents an issue where edits to a post with a quote would trigger push notifications indefinitely.
2019-06-27 18:20:43 -04:00
Ralph Rooding
4ba35472e6 Don't check for second factor when switching to anonymous account (#7803) 2019-06-27 15:01:26 -07:00
Joffrey JAFFEUX
a61147d838
FEATURE: displays tags in search menu results when enabled (#7819) 2019-06-27 19:26:14 +02:00
Robin Ward
ed936bcb01 FIX: Fix a navigation bug
To reproduce:

1. Visit a url in a new tab such as `/latest?order=views`

2. Click a topic link

3. Click the back button

Before this patch, you would not be sent back to the latest list.

Now, I am somewhat hesitant to delete code like this, but the [original
commit](b2b7f4d905)
explains a situation that I cannot reproduce with the code missing.

I cannot seem to keep the filters as sticky even if I try. At the very
least this is better to commit right now than the currently known broken
situation.
2019-06-27 09:06:10 -04:00
Gerhard Schlager
fe870a1e54 DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:15:35 +02:00
Sam Saffron
8f7a387aa7 FEATURE: add support for tag group search
The behaviour of #TERM in search has been amended

1. We try category or subcategory slugs
2. We try tags
3. We try tag-groups

The term `hello #my-group` will search for all posts tagged with any of
the tags in the tag group `My Group`

Future work may be introducing a slug cache here or caching it in the table
but the assumption is that the number of tag groups will not be huge
2019-06-27 17:53:26 +10:00
Arpit Jalan
9a2eb5c8cb UX: change icon for video placeholder 2019-06-27 12:27:14 +05:30
Sam Saffron
5bc5c02af6 FIX: mark topics in sub categories as unread when dismissing parent
Previously we would only dismiss the parent category and leave the
child categories unread
2019-06-27 13:26:48 +10:00
Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Osama Sayegh
50e4ecc77e
UX: hide post is unread tooltip after the post is read (#7813)
Note we can't use `display: none` here because it doesn't work with
animations.
2019-06-26 22:39:57 +03:00
Arpit Jalan
a3bcb8e887 UX: make onebox video placeholder icon grey 2019-06-26 23:40:36 +05:30